
Cyber espionage campaign opens backdoor to steal documents from infected PCs

ZDNet

A cyber espionage campaign is targeting the foreign ministry of a country in the European Union with the aid of a previously undocumented form of malware that provides a secret backdoor onto compromised Windows systems. Uncovered by cybersecurity researchers at ESET, the tools are designed to steal sensitive documents and other files by secretly exfiltrating them via Dropbox accounts controlled by the attackers. Dubbed Crutch by its developers, this malware campaign has been active from 2015 through to 2020, and researchers have linked it to the Turla hacking group because of similarities with previously uncovered Turla campaigns such as Gazer. The working hours of the group also coincide with UTC+3, the timezone in which Moscow sits. The UK's National Cyber Security Centre (NCSC) is among those which have attributed Turla – also known as Waterbug and Venomous Bear – to Russia.



Suspected Russian hackers disguised as Iranian spies attacked more than 35 countries, security officials say

FOX News

A suspected Russian hacking group disguised as Iranian spies attacked more than 35 countries, U.S. and U.K. security officials said Monday. The group Turla, also known as Waterbug and VENOMOUS BEAR, used a variety of Iranian tools and infrastructure to hack into "government, military, technology, energy and commercial organizations" in order to steal intelligence from dozens of countries, the U.K. National Cyber Security Centre (NCSC) and the National Security Agency (NSA) said in a joint report. The majority of the affected nations were in the Middle East, NCSC said.


Russian hacker group use HTTP status codes to control malware implants

ZDNet

Security researchers from Kaspersky have identified a new version of the COMpfun malware that controls infected hosts using a mechanism that relies on HTTP status codes. The malware was first spotted in November last year and has been deployed in attacks against diplomatic entities across Europe. Responsible for the attacks is a group known as Turla, a state-sponsored Russian threat actor that has historically engaged in cyber-espionage operations.


Latest Turla backdoor leverages email PDF attachments as C&C mechanism

#artificialintelligence

Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007, targeting government organizations and private businesses. The list of previously known victims is long and also includes the Swiss defense firm RUAG, the US Department of State, and US Central Command. In June 2016, researchers from Kaspersky reported that the Turla APT had started using rootkit), Epic Turla (Wipbot and Tavdig) and Gloog Turla.